A warning to everyone about the servers --- I took my exam this week and the servers where the servers are super slow each click took at least 1 second. For the questions that required multiple steps like scanning for the ports and then enumerating over them, and then gaining access, it took a really long time especially when you have refer back to another terminal for the IP addresses. With 3 subnets, you can imagine that the list of machines is pretty long so imagine the scrolling you have to do and the slow speed of scrolling! I had copied them into a .txt file on the VM desktop (you cannot copy them to your own desktop) but the speed to open the txt file each time was still super slow! You are not allowed any pen and paper so you cannot write them down - which in a real life scenario is possible! Most of the time is actually spent on this and I did not have enough time to complete it. EC-Council refuses to admit that and said that "you are supposed to scan the target subnets first completely". That was what I did but it does go beyond scanning the subnets isn't it ??? It is really a SHAM from EC-Council considering that people paid some significant amount of money for this.
So its not just me. I was preparing keeping in my mind the old syllabus and trust me immediately after reviewing the questions in the exam which i appeared 1 week back i knew i am not gonna pass this . . So just tried my best to stay calm and solve the questions. Question pattern- 1. There is now 3 /24 subnets to scan with many machines hosted with variety of services including Active Directory! Though no questions was related deeply with Active Directory. 2. Faced questions related to new topics mentioned in this video like vuln scan, malware analysis, privilege escalation, RAT etc 3. Questions from wireshark is changed, included IoT protocols and cracking wireless encryption using pcap traces. 4. Web exploitation questions are not so simple like previous. Faced almost 4-5 questions alone in this domain. 5. All questions are made complex. Even easy questions are convoluted to just kill your time :) . . Like the question relating to openstego, i was asked to decode the secret message in image file. The password was in a text file. So I checked the text file i found a hash there ! So have to decrypt the hash first. Hash type is not mentioned so you have to identify the hash type ! VM has no internet and the copy/pasting from VM to my browser was NOT allowed! Then i used another tool named hash identifier to identify the hash. Then used john the ripper to crack it . . Then was able to use the cracked password for openstego question! Similarly had to crack hash in veracrypt question but this time hash type was mentioned i think. Just imagine encountering this during exam ! Exam Experience: - exam VM was slower as it loaded in browser. - since i have given exam in laptop it become so hot after using the exam environment for 6 hour. - the writings on the VM is so slow that most of the time had to get very close to see the output. - i think in one question there was bug. Like i was told to crack SMB credentials and get a file from share. Cracked the credentials but was unable to mount to SMB share using different tools! - my personal opinion is 6 hour is not enough to solve all the 20 questions! U may pass but achieving 20/20 in 6 hour u have to be a PRO i think!
Had a question about FQDN of the domain controller, and it would just not accept my reply, another one was decrypt a 384 hash, and enter last 4 digits. It refused to accept that. Ohh and ofc, "sticky" keys like crazy, when trying to type a command or password, it would keep writing letters. Another challenge was since I am not a US keyboard user, I could not change keyboard layout. So typing in chars when not used to US keyboard was a pain in the a... :)
@@heinenk yes, got this issue of writing multiple letters at a row several times and had to correct it too ! I am done with EC council. . Not again. . PJPT dropped today and i think i will go for it next . .
the new exam are indeed way harder, but not impossible. flags are no longer in plain sight, and you are deliberately made to work for them by going an extra step or two. for example, flags are stored in hidden directories, flag values with hash that you have to calculate separately, etc. so get good with your shell commands, linux, nmap and all the common tools. all the best!
@@PedroSouza-lc5qz there is WiFi, and IoT. Learn how to analyse pcap using wireshark. Also how to crack wireless pcap captures. U need to understand privilege escalation to enable capture the flags. Some flags are encrypted within a file or folder which u need to decrypt.
@@augustinenzewi5227 Thanks!! And the softwares to decrypt files or folders within the Parrots OS or i need to download them? One question if nobody said to me, can i use chatgpt? :)
This video is accurately correct Exam has been exam very much We have 3 subnets with 4-5 machines in each Question have been merged into once questions like after solve you will get hash to becode after enumerations LAB is very slow for these merged questions I brealy Cleared 18 questions in complete 6 hours Initially i had believed i can clear 20 questions in just 2 hours but questions are really changed now We have to do enumeration for each question By the way IoT, Vulnerabilities Analysis, wi-fi and Priv Esc part are added but they are very easy But be prepare to enumerate 3 subnet in small and laggy screen/machines for each question and you have to use answer to exploit again or crack (no 1 step answers) And LAB in buggy as after exploiting web vulnerability you can't get shell even on p80 443 In Malware analysis, given file was not opened with any of tool given in lab and displayed currupt file error
Hello if you don't mind can you explain the priv esc part. or if there's a way i can contact you, maybe you can drop your telegram username. if you don't mind. Thanks
I had a question where they asked me for the value of page_ID=95, I looked at the source code of the given domain and there was a value in page_Id=95 but it gave me an error, I couldn't solve it. Any suggestions?
Hi my friend ! Are you sure you fall on exam the malware analysis and privilege escalation? on the practice exam an d not just in theoretical? I bought the exam and took the content within the exam proposal and didn't have it, I did it yesterday, aren't those presented only for the theoretical test?
Bro what kind of things can we do during exam? I mean can we watch tutorials of the tools on youtube if we don't know the answer? Or can we use chatgpt, or any other google sites if we dont know something?
As far as know we can Google but I am not sure about RUclips you can keep it as option and ask the invigilator before exam if he allows then it's well and good
@@abuzarkhan1841 bro, I am not the member of Ec Council, I can't take guarantee, but I believe if it's old then there are more chances, you must cover other topics as well
I paid for CEHv11 Practial, will my exam be for cehv12 or 11. Also is this playlist of yours sufficient as the only resource to pass the exam? Please upload videos on all the topics. I’m very nervous and have less time left
Kindly go through each comment, every one has shared their new exam experience it will help you all.
A warning to everyone about the servers --- I took my exam this week and the servers where the servers are super slow each click took at least 1 second. For the questions that required multiple steps like scanning for the ports and then enumerating over them, and then gaining access, it took a really long time especially when you have refer back to another terminal for the IP addresses. With 3 subnets, you can imagine that the list of machines is pretty long so imagine the scrolling you have to do and the slow speed of scrolling!
I had copied them into a .txt file on the VM desktop (you cannot copy them to your own desktop) but the speed to open the txt file each time was still super slow! You are not allowed any pen and paper so you cannot write them down - which in a real life scenario is possible!
Most of the time is actually spent on this and I did not have enough time to complete it. EC-Council refuses to admit that and said that "you are supposed to scan the target subnets first completely". That was what I did but it does go beyond scanning the subnets isn't it ???
It is really a SHAM from EC-Council considering that people paid some significant amount of money for this.
So its not just me. I was preparing keeping in my mind the old syllabus and trust me immediately after reviewing the questions in the exam which i appeared 1 week back i knew i am not gonna pass this . . So just tried my best to stay calm and solve the questions.
Question pattern-
1. There is now 3 /24 subnets to scan with many machines hosted with variety of services including Active Directory! Though no questions was related deeply with Active Directory.
2. Faced questions related to new topics mentioned in this video like vuln scan, malware analysis, privilege escalation, RAT etc
3. Questions from wireshark is changed, included IoT protocols and cracking wireless encryption using pcap traces.
4. Web exploitation questions are not so simple like previous. Faced almost 4-5 questions alone in this domain.
5. All questions are made complex. Even easy questions are convoluted to just kill your time :) . . Like the question relating to openstego, i was asked to decode the secret message in image file. The password was in a text file. So I checked the text file i found a hash there ! So have to decrypt the hash first. Hash type is not mentioned so you have to identify the hash type ! VM has no internet and the copy/pasting from VM to my browser was NOT allowed! Then i used another tool named hash identifier to identify the hash. Then used john the ripper to crack it . . Then was able to use the cracked password for openstego question! Similarly had to crack hash in veracrypt question but this time hash type was mentioned i think. Just imagine encountering this during exam !
Exam Experience:
- exam VM was slower as it loaded in browser.
- since i have given exam in laptop it become so hot after using the exam environment for 6 hour.
- the writings on the VM is so slow that most of the time had to get very close to see the output.
- i think in one question there was bug. Like i was told to crack SMB credentials and get a file from share. Cracked the credentials but was unable to mount to SMB share using different tools!
- my personal opinion is 6 hour is not enough to solve all the 20 questions! U may pass but achieving 20/20 in 6 hour u have to be a PRO i think!
Had a question about FQDN of the domain controller, and it would just not accept my reply, another one was decrypt a 384 hash, and enter last 4 digits. It refused to accept that. Ohh and ofc, "sticky" keys like crazy, when trying to type a command or password, it would keep writing letters. Another challenge was since I am not a US keyboard user, I could not change keyboard layout. So typing in chars when not used to US keyboard was a pain in the a... :)
@@heinenk yes, got this issue of writing multiple letters at a row several times and had to correct it too ! I am done with EC council. . Not again. . PJPT dropped today and i think i will go for it next . .
@@nafizurrahman2569 I faced this too.
I'm going to. write an exam can anyone give some questions like
I took it on Friday and experienced the same thing.
the new exam are indeed way harder, but not impossible. flags are no longer in plain sight, and you are deliberately made to work for them by going an extra step or two. for example, flags are stored in hidden directories, flag values with hash that you have to calculate separately, etc. so get good with your shell commands, linux, nmap and all the common tools. all the best!
hi! did you take the exam recently?
Passed My CEH Practical Exam today June 14, 2023. Thanks for this update. I saw this video few minutes to my exam.
Congratulations 🎉
@@thepentesterguyofficial Thank You.
you had priv escalation? wifi and iot? easy or not? thanks!
@@PedroSouza-lc5qz there is WiFi, and IoT. Learn how to analyse pcap using wireshark. Also how to crack wireless pcap captures. U need to understand privilege escalation to enable capture the flags. Some flags are encrypted within a file or folder which u need to decrypt.
@@augustinenzewi5227 Thanks!! And the softwares to decrypt files or folders within the Parrots OS or i need to download them? One question if nobody said to me, can i use chatgpt? :)
This video is accurately correct
Exam has been exam very much
We have 3 subnets with 4-5 machines in each
Question have been merged into once questions like after solve you will get hash to becode after enumerations
LAB is very slow for these merged questions
I brealy Cleared 18 questions in complete 6 hours
Initially i had believed i can clear 20 questions in just 2 hours but questions are really changed now
We have to do enumeration for each question
By the way IoT, Vulnerabilities Analysis, wi-fi and Priv Esc part are added but they are very easy
But be prepare to enumerate 3 subnet in small and laggy screen/machines for each question and you have to use answer to exploit again or crack (no 1 step answers)
And LAB in buggy as after exploiting web vulnerability you can't get shell even on p80 443
In Malware analysis, given file was not opened with any of tool given in lab and displayed currupt file error
is shasum -a 384 file.elf right?
Hello if you don't mind can you explain the priv esc part. or if there's a way i can contact you, maybe you can drop your telegram username. if you don't mind. Thanks
can i use chatgpt? kkkk for malware analysis is good:) did you do the exam in this days?
did you use ssh and polkit vulnerability for the priv esc question and what did you have to do for the iot question
Thanks for the update @thepenterguy. 😊😊 Heard you loud and clear.
I had a question where they asked me for the value of page_ID=95, I looked at the source code of the given domain and there was a value in page_Id=95 but it gave me an error, I couldn't solve it. Any suggestions?
Could you make a video on how to become an appsec engineer or analyst? From beginner. Please, Thank you.
Can you please make and share small videos on new topics
How covert tcp question is asked and how can we identify and solve it
Since CEH practical is an open book exam, can CEH official Lab guide be printed in the PDF format and referred during the exam?
Any update on the new questions?
Do we have any new updates/tips on the latest qs?
true bro, the cloud machines are really very slow
Sir, Cloud kay baray mai kia question aya tha?
exam ma bhaiya joo v topic change wo aa haa us per video panaye
malware analysis main agr virus total kah use kre toh answer hojayega kya
Some one knows how priv esc question? And how to tranfers files between attacker machines?
Where can I get the old questions from (the questions that remains unchanged)
Hi, somebody know how we get the FQDN?
nmap -A -sV ip address.. You will see the FQDN in the result
Learned this the hard way yesterday 😊
Hello how can I reach out to you personally and ask questions
Hi my friend ! Are you sure you fall on exam the malware analysis and privilege escalation? on the practice exam an d not just in theoretical? I bought the exam and took the content within the exam proposal and didn't have it, I did it yesterday, aren't those presented only for the theoretical test?
Can you be more clear about your doubt please
Hey, Can you make Vedios on new topics
Mara exam voucher ka validation sarf 1.5month baki haa too kya kera
Fir to attempt krna padega 10 to ho jaenge baki 5-6 k lia aur b padhna padega
Sir, baki topics sai related kuch resources share kardain.
@@thepentesterguyofficial kya kya padhna padaga and ceh v12 ka lab manaual sa complete hop jayaha kya
@@plussecurity I guess atleast paas to ho jaenge, manual se
@@thepentesterguyofficial ek video banaye ceh practical ke related aap bola tak 3 month baad exam danaa abhi three months ho chuka haa ab kya kera
Bro what kind of things can we do during exam? I mean can we watch tutorials of the tools on youtube if we don't know the answer? Or can we use chatgpt, or any other google sites if we dont know something?
As far as know we can Google but I am not sure about RUclips you can keep it as option and ask the invigilator before exam if he allows then it's well and good
Hii i have ceh v11 practice, so the question would be old for it or for v11 also got updated?
Old
Are sure? Because i am totally rely on this video
Old content, i hope to find old content
@@abuzarkhan1841 bro, I am not the member of Ec Council, I can't take guarantee, but I believe if it's old then there are more chances, you must cover other topics as well
Can we use youtube during the exam?
I guess no
you can
I paid for CEHv11 Practial, will my exam be for cehv12 or 11.
Also is this playlist of yours sufficient as the only resource to pass the exam? Please upload videos on all the topics. I’m very nervous and have less time left
it will be v12
@@ManjeetSingh-rc8du so the certificate will also be v12. Damn am worried since v12 is tough